N/A

The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism.

N/A

加密问题

Go SSH library 安全漏洞

Go是一种开源编程语言。SSH library是其中的一个用于SSH和SFTP的框架测试库。 Go SSH library (x/crypto/ssh)中存在安全漏洞，该漏洞源于程序没有验证主机密钥。攻击者可利用该漏洞实施中间人攻击。

N/A

N/A